Update ActiveMQServerImpl.java #4102
Conversation
(cherry picked from commit 95aa20b)
(cherry picked from commit 1dc9d4f)
…ased and quite involved (cherry picked from commit 6f4c609)
(cherry picked from commit e86acc9)
(cherry picked from commit e5d0b69)
(cherry picked from commit 1d84800)
…on to core on AMQP Messages on console browsing Done in collaboration with Erwin Dondorp through apache#3794 (cherry picked from commit a833d95)
(cherry picked from commit 6bb4aa7)
(cherry picked from commit 54418df)
…rge Messages (cherry picked from commit 1db3ae1)
(cherry picked from commit cf85d35)
…aths (cherry picked from commit 925cead)
Skip backup connector equivalent to cluster connector for cluster connections. (cherry picked from commit dca3fac)
(cherry picked from commit 5b33140)
(cherry picked from commit 14f8e8d)
(cherry picked from commit 3191d0c)
…onnection add bridge connection verification after stop cluster connection to wait for the bridge stop completely and avoid a failure on stop/start cluster connection test (cherry picked from commit 7791a26)
(cherry picked from commit 1839461)
Commit 481b73c from ARTEMIS-3502 inadvertently broke this functionality. This commit restores the original behavior. autoDeleteAddress was renamed to forceAutoDeleteAddress which will ignore the address settings. delete temporary queues will use forceAutoDeleteAddress=true. this is done in collaboration with Justin Bertram (cherry picked from commit 1d0c0a8)
…for exception (cherry picked from commit 82645aa)
(cherry picked from commit 6de6372)
(cherry picked from commit 98a6e42)
(cherry picked from commit 0672471)
(cherry picked from commit 9f6d7a0)
(cherry picked from commit 8635eb6)
(cherry picked from commit e90a659)
(cherry picked from commit fcd512f)
(cherry picked from commit 5fe42dd)
(cherry picked from commit ad4f6a1)
(cherry picked from commit 22df1f1)
(cherry picked from commit 172d72d)
(cherry picked from commit 5708bcb)
(cherry picked from commit d02c8cd)
Move to the latest release of Hawtio 2.14.x. Also, remove the Log4j archives from the web console application. It's not necessary to include Log4j archives because Hawtio itself uses SLF4J and the logging implementation will be provided by the broker runtime. We already do this for SLF4J. While not strictly necessary, removing Log4j will ease concerns about security issues such as the recently announced CVE-2021-44228. (cherry picked from commit 2e3c69c)
(cherry picked from commit b65c845)
(cherry picked from commit 97378a6)
(cherry picked from commit abf82bc)
…CastException (cherry picked from commit f1004c8)
…cation warning) (cherry picked from commit ea8fe11)
(cherry picked from commit 6d52f20)
(cherry picked from commit fd12209)
(cherry picked from commit 5e17db7)
(cherry picked from commit 6ca05e5)
(cherry picked from commit 0722b3c)
(cherry picked from commit 6ea4146)
(cherry picked from commit 3af6d0d)
Bumps version to 3.8.5 to avoid errors when building
This fixes the situation in ActiveMQServerImpl.createSession () ActiveMQServerImpl.checkSessionLimit () is called with
the ServerSessionImpl.validatedUser parameter, but to count the list of sessions, the ActiveMQServerImpl.getSessionCountForUser ()
method is called, which already iterates over the sessions, ServerSessionImpl.getUsername () is called.
In the case of certificate authentication via the TextFileCertificateLoginModule, getUsername() is always null for client connections,
while ServerSessionImpl.validatedUser is set to the normal user ID via the call to securityStore.authenticate() at the very beginning of
the ActiveMQServerImpl.createSession() method.
|
This really needs a test to validate the fix and also to ensure there are no regressions in the future. Basic tests for resource limits are at |
done |
|
This PR is targetting 2.19.x, it should instead target main (if it were to be backported the change would then be picked from main; however there are no plans to do further 2.19.x releases). The test should be added in the same commit as the change, i.e in this PR, rather than in a seperate PR as you have created (where you actually did target main). You can update a PR by force pushing to the same PR branch after you have made the needed changes, no need to close and reopen. Aside, at the very least your test is missing the licence header, which failed the Travis CI build, although it looks like there may be other style issues as well. You can enable the GitHub Actions based CI jobs in your own fork repo (see the Actions tab) which has more granular checks, and use it to run the jobs on your own fork before opening/updating a PR (since you already opened this one, you would need to use a seperate testing branch to pre-test your updates before updating the original branch). |
I made new PR. |
|
Im not sure what part of my comment was unclear, but again more succinctly:
|
Ok, it's clear now. |
|
I'm replacing this PR with #4146. |
This fixes the situation in ActiveMQServerImpl.createSession () ActiveMQServerImpl.checkSessionLimit () is called with the ServerSessionImpl.validatedUser parameter, but to count the list of sessions, the ActiveMQServerImpl.getSessionCountForUser () method is called, which already iterates over the sessions, ServerSessionImpl.getUsername () is called. In the case of certificate authentication via the TextFileCertificateLoginModule, getUsername() is always null for client connections, while ServerSessionImpl.validatedUser is set to the normal user ID via the call to securityStore.authenticate() at the very beginning of the ActiveMQServerImpl.createSession() method.
Test org.apache.activemq.artemis.tests.integration.server.ResourceLimitTestWithCerts.java